Function Permissions
Purpose and Scope
Function-level permissions control access to custom functions defined within the Model. These functions can perform actions such as managing bookings, generating invoices, and handling reservations.
Configuring Function Permissions
To configure Function Permissions for a specific privilege, follow these steps:
- Choose the resource name, like the register function, from the dropdown list.
- Alternatively, type the resource name, such as the register function, directly into the search bar.
- The icon in the dropdown list indicates Function resources.
- The icon in the dropdown list indicates Singleton function resources.
If the Singleton class or its exposed functions don't appear in the permissions dropdown, follow these steps to enable it:
Navigate to the Singleton class in the class section.
Check if the Singleton class is missing any exposed functions.
If there are no exposed functions, add at least one. Here's an example:
Save the changes and re-check the permissions dropdown.
If the Singleton class and its exposed functions still don't appear, reload the changes by following the documentation for applying the latest updates.
Now, the Singleton class and its exposed functions should be available for selection, whether it’s the standard class Singleton or the shared one.
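The procedure above turns on a Singleton class whose functions were not yet exposed. The following QodlyScript class is an added illustration, not code from the Qodly documentation: the class name Registry, the Booking dataclass and its attributes, and the reservation object shape are assumptions. Only the exposed function becomes a Singleton function resource in the permissions dropdown; the non-exposed helper does not.

```qodlyscript
// Added example (not from the Qodly documentation).
// Hypothetical shared singleton class "Registry" with one exposed function,
// so that the "register" Singleton function resource appears in the
// permissions dropdown once the class is saved and the model is reloaded.

shared singleton constructor()
  // Runs once, when the singleton instance is first created
  this.createdAt = currentDate
end

// "exposed" makes the function callable from the web front end and REST,
// and therefore a resource on which Execute / Promote / Describe can be set.
exposed function register(reservation : object) : object
  var missing : collection
  var booking : cs.BookingEntity   // assumed Booking dataclass

  // Validate the incoming reservation before touching the datastore
  missing = []
  if (reservation.customerId == null)
    missing.push("customerId")
  end
  if (reservation.roomId == null)
    missing.push("roomId")
  end
  if (missing.length > 0)
    return {ok: false, missing: missing}
  end

  // Execute permission on "register" gates this call; the Create on the
  // Booking dataclass below is still checked against the session's
  // privileges unless a promoting privilege elevates the session.
  booking = ds.Booking.new()
  booking.customerId = reservation.customerId
  booking.roomId = reservation.roomId
  booking.save()

  return {ok: true, bookingId: booking.id}
end

// Not exposed: server-side helper only, never listed as a permission resource
function summary() : string
  return "Registry active since "+string(this.createdAt)
end
```

A page or another server function reaches the singleton through the class store, e.g. cs.Registry.me.register({customerId: "C-1", roomId: "R-2"}); the permissions configured on the register resource apply to that call.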
Execute Permission
Execute permissions allow the designated privilege to run the function's code.
Promote Permission
Promote permissions enable temporary privilege escalation during function execution, so that critical operations within that function's code can run securely without permanently adding privileges.
When a function is executed within a session holding a designated privilege, Qodly dynamically adds to the session the privileges that Promote the function. This temporary elevation allows the function to run even when the session's original privilege lacks direct permission for resources used in the function's code.
After the function concludes, the temporary elevation from the Promote permission is revoked.
Note that the elevation is not scoped to the resources the function happens to touch: while the function executes, the session has access to all resource permissions set in each of the promoting privileges.
Refer to the use case of the Promote permission for detailed configuration information.
Describe Permission
Describe permissions provide metadata access for the selected function.
Refer to the use case of the Describe permission for detailed configuration information.
Strategies
Max Restriction to Gradual Expansion
To control function execution, the DataStore level is configured exclusively for the Restricted privilege, ensuring that only roles with this privilege can execute functions, thus preventing any unauthorized access.
However, to accommodate scenarios where the Agent role needs to execute functions, such as the book function within the roomOptions Entity class, a gradual expansion involves adding the book function resource and checking the Execute permission.
In this context, the bookRoom privilege overrides the function permissions set at the DataStore level (Restricted).
Full Access to Gradual Restriction
If no Execute permission is set at any level, full access is granted to all functions defined throughout the Model. Gradual restriction involves using other privileges to restrict specific function execution, as seen in the Employee DataClass, where execution of the register() function is restricted to specific privileges.
Promote Permission Use Case
Scenario Overview
In a travel agency's system, dynamic pricing analysis recalculates travel package prices based on demand, seasonal trends, and competitor pricing. Key roles include:
The Sales Manager role fully controls Read access to the Pricing Dataclass, including the execution of its functions (Dataclass functions, entity functions, and entity selection functions), such as the analyzePricing function, to ensure confidentiality.
Although the Agent role is restricted from accessing the Pricing Dataclass, there are specific scenarios where the Agent may need to use the analyzePricing function to conduct a pricing analysis in response to special requests.
Promote Permission Configuration
If an Agent receives a special request, they need Execute permission for the analyzePricing function to generate a customized pricing quote. This allows users with the Agent role to directly execute the function.
However, because access to the Pricing Dataclass is restricted to the Sales Manager role:
Executing the function code, which attempts to Read data from that Dataclass, would result in a "No permission to read for the Pricing dataclass" error.
Therefore, it becomes essential to include the Promote permission for the analyzePricing function within the ManageFinancials privilege:
This configuration explicitly specifies that when the analyzePricing function is executed within a session holding the Agent role, which lacks permission for the Pricing resource, the ManageFinancials privilege is temporarily integrated into that session during function execution. This temporary elevation allows the function to be executed without granting permanent access.
Add the Execute permission in the privilege associated with the role that needs to directly perform the function. Meanwhile, configure the Promote permission in the privilege that grants broader control over the resources involved in the function, providing a temporary elevation of privileges during the function's execution.
Describe Permission Use Case
The Describe permission gives a privilege the ability to gather metadata about the structure and attributes of Dataclasses.
Scenario Overview
In this scenario, the Describe permission is restricted to privilege A for the metadata of the Pricing Dataclass:
This limitation means that only privilege A is allowed to read the metadata associated with the Pricing Dataclass, covering Dataclass functions, Entity functions, and Entity Selection functions.
Consequence of Limited Permission
Despite privilege B having the necessary permissions to execute the function, and the function being promoted, an error is triggered:
This error results from the absence of the Describe permission for the Pricing Dataclass within privilege B:
This prevents it from retrieving crucial metadata, including the Dataclass name. Consequently, it fails to recognize the existence of the Pricing Dataclass and, by extension, the associated function during execution.
Solutions
Solution 1: Granting Describe Permission
To address this issue, grant privilege B the necessary Describe permission for the Pricing Dataclass. This permission allows privilege B to access metadata, including the Dataclass name and its functions, enabling the successful execution of functions within the Pricing Dataclass.
Solution 2: Higher Permission Level
If the Describe permission is configured for total confidentiality, and privilege B shouldn't have access to it, then all functions must sit at a higher permission level than the restricted resource, the Pricing Dataclass.
To overcome these limitations, place the function in the DataStore function and update the function appointed to privilege B, so that it references ds.analyzePricing instead of Pricing.analyzePricing:
The DataStore has a higher permission level than any individual Dataclass.
Likewise, if you aim to restrict the Describe permission for the Price Attribute in the Pricing Dataclass, place the function either in the Pricing Dataclass function or in the DataStore function:
The Dataclass has a higher permission level than its Properties.
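The two placements contrasted in Solution 2, and the Read inside the function body that the Promote use case relies on, are easier to see side by side in code. The QodlyScript below is an added illustration and not code from the Qodly documentation: the Pricing dataclass attributes (packageId, basePrice, demandFactor), the query, and the privilege names in the comments are assumptions. The first class hosts analyzePricing on the Pricing dataclass (reached as Pricing.analyzePricing); the second hosts the same logic on the DataStore (reached as ds.analyzePricing), which is the placement that remains callable by a privilege denied Describe on Pricing.

```qodlyscript
// Added example (not from the Qodly documentation). Pricing attributes,
// the query and the privilege names in comments are assumptions.

// ---- Pricing dataclass class: callable as Pricing.analyzePricing ----
// Reaching this entry point requires Execute on Pricing.analyzePricing and
// Describe on the Pricing dataclass (privilege A in the Describe use case).
// This placement also suffices when only the Price attribute is Describe-restricted,
// because a dataclass sits above its properties.
extends DataClass

exposed function analyzePricing(packageId : string) : object
  var pkg : cs.PricingEntity

  // Read on Pricing happens here: an Agent session without a promoting
  // privilege fails with "No permission to read for the Pricing dataclass";
  // with Promote on ManageFinancials the read is allowed for this call only.
  pkg = this.query("packageId = :1", packageId).first()
  if (pkg == null)
    return {ok: false, reason: "unknown package"}
  end

  // Demand-adjusted quote: base price scaled by the current demand factor
  return {ok: true, packageId: packageId, price: round(pkg.basePrice*pkg.demandFactor, 2)}
end

// ---- DataStore class: the same logic callable as ds.analyzePricing (Solution 2) ----
// A privilege that is denied Describe on Pricing can still describe the DataStore,
// which sits above every dataclass, so this entry point is visible to it. The
// checks on Pricing inside the body are then covered by the promoting privilege,
// exactly as in the Promote use case.
extends DataStore

exposed function analyzePricing(packageId : string) : object
  var pkg : cs.PricingEntity

  // Same read as above, addressed through the datastore ("this" is ds here)
  pkg = this.Pricing.query("packageId = :1", packageId).first()
  if (pkg == null)
    return {ok: false, reason: "unknown package"}
  end

  return {ok: true, packageId: packageId, price: round(pkg.basePrice*pkg.demandFactor, 2)}
end
```

With the DataStore placement, the function appointed to privilege B changes only its target, from Pricing.analyzePricing("PKG-1") to ds.analyzePricing("PKG-1"); the body and the permissions on the promoting privilege stay the same.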